Over the weekend, the Apache Software Foundation issued a warning, in the form of security updates, regarding a critical-severity file upload vulnerability in the Struts 2 open source development framework that could be exploited to remotely execute arbitrary code.
According to the description of the issue, which is tracked as CVE-2023-50164, an “attacker could enable paths with traversals” due to a flaw in the file upload logic. Technical information has not been made public.
In its advisory, Apache states that “an attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform remote code execution.”